bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
150s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12-04-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	SearchProtocolHost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	SearchIndexer.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.dib = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\xpsrchvw.exe,-106 = "XPS Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.TS = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006e47534d2d8dda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\Hash = "x4q3AkHkubI="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice\Hash = "YLGNSUTei/o="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.3g2 = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HTM\UserChoice\ProgId = "AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f7ac714b2d8dda01	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.png = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4 = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice\Hash = "4HUob98pJ1E="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\System\wab32res.dll,-4602 = "Contact file"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000ef5664f2d8dda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList	SearchProtocolHost.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: 33	1520	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1520	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 192	1520	SearchIndexer.exe	76
PID 1520 wrote to memory of 192	1520	SearchIndexer.exe	76
PID 1520 wrote to memory of 3536	1520	SearchIndexer.exe	77
PID 1520 wrote to memory of 3536	1520	SearchIndexer.exe	77

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:4740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2920

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:192
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
  2⤵
  - Modifies data under HKEY_USERS
  PID:3536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-0-0x000002E2EB880000-0x000002E2EB890000-memory.dmp

Filesize
64KB

Download
memory/1520-16-0x000002E2EB980000-0x000002E2EB990000-memory.dmp

Filesize
64KB

Download
memory/1520-32-0x000002E2EFEE0000-0x000002E2EFEE8000-memory.dmp

Filesize
32KB

Download
memory/3536-38-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-40-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-41-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-42-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-44-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-45-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-46-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-47-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-48-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-51-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-56-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-63-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-64-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-65-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-62-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-59-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-58-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-57-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-55-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-52-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-66-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-67-0x0000020D0BDF0000-0x0000020D0BE00000-memory.dmp

Filesize
64KB

Download
memory/3536-68-0x0000020D0BDF0000-0x0000020D0BDF1000-memory.dmp

Filesize
4KB

Download
memory/3536-69-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-70-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-73-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-74-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-75-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-76-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-79-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-78-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-77-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-82-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-83-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-87-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-93-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-90-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-89-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-88-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-86-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-97-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-99-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-106-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-109-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-124-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-125-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-131-0x0000020D0BDF0000-0x0000020D0BE00000-memory.dmp

Filesize
64KB

Download
memory/3536-132-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-137-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-138-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-141-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-152-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-153-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-154-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-164-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-165-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-174-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-181-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-182-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-185-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-193-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-197-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-198-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-204-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-203-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-211-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-214-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-225-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-227-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-230-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-242-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-244-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-245-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-253-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-254-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-267-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-274-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-281-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-288-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-294-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-300-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-309-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-314-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-317-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-330-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-333-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-343-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-349-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-350-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-356-0x0000020D0B370000-0x0000020D0B380000-memory.dmp

Filesize
64KB

Download
memory/3536-357-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-378-0x0000020D0B3A0000-0x0000020D0B3B0000-memory.dmp

Filesize
64KB

Download
memory/3536-397-0x0000020D0BDF0000-0x0000020D0BDF3000-memory.dmp

Filesize
12KB

Download